import { apiPage, agHelper } from "../../../../support/Objects/ObjectsCore";

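/**
 * Regression suite: markup supplied as an API header value must be handled as
 * inert text by the editor and must never run as script in the page.
 */
describe("Ensure XSS vulnerability are handled", () => {
  // NOTE(review): third-party host; the spec needs it to be reachable — confirm
  // that is acceptable for CI or point this at a fixture the project controls.
  const test_rest_api_url1 = "https://jsonplaceholder.typicode.com/users";

  // Class of the marker element the canary adds to the page if its handler runs.
  const canaryClass = "xss-container";

  // Self-contained canary: if the value is ever rendered as HTML, the broken
  // image triggers `onerror`, which appends one marker element and nothing else.
  // It makes no request of its own, so the marker does not depend on any
  // endpoint responding.
  // The handler deliberately has no nested quoting. Inside a template literal
  // `\"` collapses to a bare `"`, which would close the handler's string early
  // and leave a handler that cannot even be parsed; the marker could then never
  // appear and the absence check below would pass whether or not the value is
  // neutralised.
  const canaryHeaderValue = `<img src=x onerror='var m=document.createElement("h1");m.className="${canaryClass}";m.textContent="Poof!";document.body.appendChild(m)'>`;

  it("1. Ensures xss scripts are not executed when an API is run.", () => {
    apiPage.CreateApi("FirstAPI");
    apiPage.EnterURL(test_rest_api_url1);
    apiPage.EnterHeader("key", canaryHeaderValue);
    apiPage.RunAPI();
    // The marker must be absent: its presence means the header value was
    // interpreted as markup and its event handler executed.
    // NOTE(review): an image `error` event fires asynchronously. Confirm that
    // RunAPI / AssertElementAbsence wait until the response is rendered, so the
    // check cannot pass merely because it ran before the marker could appear.
    agHelper.AssertElementAbsence(`.${canaryClass}`);
  });
});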
